The attacker had access to the database which included your real life name and contact info, and encrypted payment information. While it's conceivable that the attacker could have found a way to break the encryption on the payment information, it's unlikely. However, to be absolutely certain you could decide to alert your credit card company.
It's possible your security question was compromised, which is one reason why we're asking everyone to change their password themselves. We do not have access to passwords, so can't give them out even if someone does have the answer to the security question.
We haven't given out the technical details of our encryption process for obvious reasons. However, the payment information encryption is not reversible. In addition, we pass the full, unencrypted payment information to a secure, off-network vault which is one-way only, and which none of us has access to.
I've been around the block a few times when it comes to user information databases and web systems. Can you please explain to us, if in fact our payment information is encrypted using a one-way algorithm, why it's being stored on a system that's accessible from the webservers in the first place? I would assume the payment information encryption would be two-way so that payment information can be decrypted for billing purposes; if this isn't the case, why is it being stored where it is at all? Also, regardless of the 'secure' off-network vault being 'one-way', why is that data being stored unencrypted at all? That is totally irresponsible of you to store unencrypted payment information anywhere.